@nizam-os/dashboard-sdk 5.0.0 → 5.1.1

package/dist/api/resources/assignments/client/Client.d.ts

@@ -19,6 +19,7 @@ export declare class AssignmentsClient {
      * @param {NizamDashboard.OpenAssignmentRequest} request
      * @param {AssignmentsClient.RequestOptions} requestOptions - Request-specific configuration.
      *
+     * @throws {@link NizamDashboard.BadRequestError}
      * @throws {@link NizamDashboard.UnauthorizedError}
      * @throws {@link NizamDashboard.ForbiddenError}
      * @throws {@link NizamDashboard.ConflictError}

package/dist/api/resources/assignments/client/Client.js

@@ -55,6 +55,7 @@ class AssignmentsClient {
      * @param {NizamDashboard.OpenAssignmentRequest} request
      * @param {AssignmentsClient.RequestOptions} requestOptions - Request-specific configuration.
      *
+     * @throws {@link NizamDashboard.BadRequestError}
      * @throws {@link NizamDashboard.UnauthorizedError}
      * @throws {@link NizamDashboard.ForbiddenError}
      * @throws {@link NizamDashboard.ConflictError}
@@ -95,6 +96,8 @@ class AssignmentsClient {
         }
         if (_response.error.reason === "status-code") {
             switch (_response.error.statusCode) {
+                case 400:
+                    throw new NizamDashboard.BadRequestError(_response.error.body, _response.rawResponse);
                 case 401:
                     throw new NizamDashboard.UnauthorizedError(_response.error.body, _response.rawResponse);
                 case 403:

package/dist/api/resources/operators/client/Client.d.ts

@@ -19,6 +19,7 @@ export declare class OperatorsClient {
      * @param {NizamDashboard.CreateOperatorRequest} request
      * @param {OperatorsClient.RequestOptions} requestOptions - Request-specific configuration.
      *
+     * @throws {@link NizamDashboard.BadRequestError}
      * @throws {@link NizamDashboard.UnauthorizedError}
      * @throws {@link NizamDashboard.ForbiddenError}
      * @throws {@link NizamDashboard.UnprocessableEntityError}

package/dist/api/resources/operators/client/Client.js

@@ -55,6 +55,7 @@ class OperatorsClient {
      * @param {NizamDashboard.CreateOperatorRequest} request
      * @param {OperatorsClient.RequestOptions} requestOptions - Request-specific configuration.
      *
+     * @throws {@link NizamDashboard.BadRequestError}
      * @throws {@link NizamDashboard.UnauthorizedError}
      * @throws {@link NizamDashboard.ForbiddenError}
      * @throws {@link NizamDashboard.UnprocessableEntityError}
@@ -108,6 +109,8 @@ class OperatorsClient {
         }
         if (_response.error.reason === "status-code") {
             switch (_response.error.statusCode) {
+                case 400:
+                    throw new NizamDashboard.BadRequestError(_response.error.body, _response.rawResponse);
                 case 401:
                     throw new NizamDashboard.UnauthorizedError(_response.error.body, _response.rawResponse);
                 case 403:

package/dist/api/resources/organizations/client/Client.d.ts

@@ -59,7 +59,9 @@ export declare class OrganizationsClient {
     getOrganization(request: NizamDashboard.GetOrganizationRequest, requestOptions?: OrganizationsClient.RequestOptions): core.HttpResponsePromise<NizamDashboard.Organization>;
     private __getOrganization;
     /**
-     * Owner-only. Sets `deleted_at` on the organizations row; subsequent reads filter it out. The Keycloak Organization is intentionally left in place — restore is just an UPDATE un-setting `deleted_at`. Members are not removed; their memberships persist alongside the soft-deleted row in case a restore path is added later.
+     * Owner-only. Sets `deleted_at` on the organizations row; subsequent reads filter it out. The Keycloak Organization is intentionally left in place — restore is just an UPDATE un-setting `deleted_at`. Members are not removed; their memberships persist alongside the soft-deleted row in case a restore path is added later. L4 @HasPermission ensures the caller is an admin; the owner-only check inside the handler narrows further.
+     *
+     * > **Requires** `administer` on `organization` (SpiceDB permission expression).
      *
      * @param {NizamDashboard.DeleteOrganizationRequest} request
      * @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
@@ -77,7 +79,9 @@ export declare class OrganizationsClient {
     deleteOrganization(request: NizamDashboard.DeleteOrganizationRequest, requestOptions?: OrganizationsClient.RequestOptions): core.HttpResponsePromise<void>;
     private __deleteOrganization;
     /**
-     * Set-only partial update. Null/omitted fields stay unchanged. A slug rename also renames the Keycloak Organization's alias inside the same transaction so the two stay in lockstep.
+     * Set-only partial update. Null/omitted fields stay unchanged. A slug rename also renames the Keycloak Organization's alias inside the same transaction so the two stay in lockstep. Gated by L4 — admins of the org are allowed; non-admins surface as 403 from Spring Security's access-denied handler.
+     *
+     * > **Requires** `administer` on `organization` (SpiceDB permission expression).
      *
      * @param {NizamDashboard.UpdateOrganizationRequest} request
      * @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.

package/dist/api/resources/organizations/client/Client.js

@@ -181,7 +181,9 @@ class OrganizationsClient {
         return (0, handleNonStatusCodeError_js_1.handleNonStatusCodeError)(_response.error, _response.rawResponse, "GET", "/v1/organizations/{id}");
     }
     /**
-     * Owner-only. Sets `deleted_at` on the organizations row; subsequent reads filter it out. The Keycloak Organization is intentionally left in place — restore is just an UPDATE un-setting `deleted_at`. Members are not removed; their memberships persist alongside the soft-deleted row in case a restore path is added later.
+     * Owner-only. Sets `deleted_at` on the organizations row; subsequent reads filter it out. The Keycloak Organization is intentionally left in place — restore is just an UPDATE un-setting `deleted_at`. Members are not removed; their memberships persist alongside the soft-deleted row in case a restore path is added later. L4 @HasPermission ensures the caller is an admin; the owner-only check inside the handler narrows further.
+     *
+     * > **Requires** `administer` on `organization` (SpiceDB permission expression).
      *
      * @param {NizamDashboard.DeleteOrganizationRequest} request
      * @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
@@ -240,7 +242,9 @@ class OrganizationsClient {
         return (0, handleNonStatusCodeError_js_1.handleNonStatusCodeError)(_response.error, _response.rawResponse, "DELETE", "/v1/organizations/{id}");
     }
     /**
-     * Set-only partial update. Null/omitted fields stay unchanged. A slug rename also renames the Keycloak Organization's alias inside the same transaction so the two stay in lockstep.
+     * Set-only partial update. Null/omitted fields stay unchanged. A slug rename also renames the Keycloak Organization's alias inside the same transaction so the two stay in lockstep. Gated by L4 — admins of the org are allowed; non-admins surface as 403 from Spring Security's access-denied handler.
+     *
+     * > **Requires** `administer` on `organization` (SpiceDB permission expression).
      *
      * @param {NizamDashboard.UpdateOrganizationRequest} request
      * @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nizam-os/dashboard-sdk",
-  "version": "5.0.0",
+  "version": "5.1.1",
   "description": "Nizam Dashboard API SDK for TypeScript / JavaScript.",
   "license": "MIT",
   "private": false,